The four-member committee is tasked with looking into the events and contributing factors leading to the cyberattack on SingHealth’s patient database system, as well as recommend measures to reduce the risk of such attacks in future, MCI says.

A four-member Committee of Inquiry (COI) was appointed on Tuesday (Jul 24) to look into the SingHealth cyberattack, considered to be the most serious breach of personal data in Singapore’s history. Chan Luo Er with this report.

In a statement, Mr Magnus said: "This is a responsibility that I take seriously. I will work with the COI members to ensure that we fully deliver on this important task which has been entrusted to us.”

The COI was tasked to establish the events and contributing factors leading to the cyberattack on SingHealth’s patient database system on or around Jun 27 this year, and the subsequent stealing of data from the network.

It will also look at how Integrated Health Information Systems (IHiS) and SingHealth responded, and recommend measures to enhance the incident response plans for similar incidents and measures to better protect SingHealth’s IT system against similar attacks.

With these findings, the committee is to also recommend measures to reduce the risk of such cyberattacks on public sector IT systems which contain large databases of personal data including in the other public healthcare clusters, MCI said in the press release.

The COI will conduct private and public hearings, and is to submit a report on its findings and recommendations to Mr Iswaran by Dec 31, 2018, it added.

The minister, during his speech at the ministry’s annual workplan seminar on Tuesday, said the SingHealth cyberattack is an example of incidents that threaten to erode the “precious trust” in the institutions in Singapore, which has been painstakingly built up.

“This incident was a deliberate and sophisticated attack that caused the most serious breach of personal data in Singapore’s history,” Mr Iswaran said. “But we were also fortunate because it could have been worse. We were fortunate that there was early detection in the exfiltration of data.”

He added that while the Government will do everything it can to strengthen its systems, it cannot completely eliminate the risk of another cyberattack.

“That is the nature of this ongoing battle. The would-be attackers are constantly developing new capabilities even as we reinforce our IT systems,” he said.

He also reiterated his earlier message, as well as that of Prime Minister Lee Hsien Loong, that the incident, or any others like it, should not be allowed to derail Singapore’s Smart Nation plans.

“Digital is the way of the future,” Mr Iswaran said. “We must adapt ourselves to operate effectively and securely in the digital world, to deliver better public services, enhance our economic competitiveness and create opportunities for our enterprises and our people.”

DATA REGULATIONS TO BE UPDATED

The minister also pointed out that one of the Government's responsibilities is to provide transparent, effective and progressive regulations, including those governing data.

He said the Personal Data Protection Act (PDPA) is currently being reviewed to strike the right balance between organisations' legitimate need to collect and use personal data and people's concern for greater accountability for the use of such data.

In a response to Channel NewsAsia's queries on Tuesday, an MCI spokesperson said the Personal Data Protection Commission (PDPC) has been notified of the cyberattack and will investigate the matter.

SingHealth and IHiS are corporate entities which are bound by the PDPA, the spokesperson added.

"PDPC will take into account the Committee of Inquiry’s report in its determination/assessment of any appropriate action to be taken," the spokesperson said.

Other initiatives to strengthen the local regulatory landscape include the development of Singapore's own certification system, said Mr Iswaran. The Data Protection Trustmark will recognise organisations with high standards of data protection and facilitiate cross-border data exchanges, he said.

Tagged Topics

Share this content

Bookmark

More stories for you

Get the Channel NewsAsia newsletter in your inbox

Invalid email address

It looks like the email address you entered is not valid.

I consent to the use of my personal data by Mediacorp and the Mediacorp group of companies (collectively "Mediacorp") to send me marketing and advertising materials in relation to goods and services of Mediacorp and its business partners and for research and analysis

About Us

Advertise with us

Get the news that matters in your inbox every morning!

Please enter your email address

I consent to the use of my personal data by Mediacorp and the Mediacorp group of companies (collectively "Mediacorp") to send me marketing and advertising materials in relation to goods and services of Mediacorp and its business partners and for research and analysis